Hi
When you define a job in AWS Batch with Fargate you have 2 roles: see this working example of mine with ExecutionRoleArn and JobRoleArn
```yaml
JobDefinition1:
  Type: 'AWS::Batch::JobDefinition'
  Properties:
    JobDefinitionName: !Join
      - '-'
      - - !Ref NamePrefix
        - '<xyz>'
    Type: 'container'
    PlatformCapabilities:
      - 'FARGATE'
    ContainerProperties:
      Command:
        - 'uname --all'
        - 'pwd'
        - 'ls -l'
      # Role used on the job's behalf to pull the image and write logs
      ExecutionRoleArn: !GetAtt BatchRole.Arn
      Image: !Join
        - ':'
        - - !GetAtt EcrRepository.RepositoryUri
          - !Ref ContainerImageTag
      # Role the code inside the container uses for its own AWS API calls
      JobRoleArn: !GetAtt ServiceRole.Arn
      NetworkConfiguration:
        AssignPublicIp: 'ENABLED'
      ResourceRequirements:
        - Type: 'VCPU'
          Value: '1'
        - Type: 'MEMORY'
          Value: '4096'
```
For execution role ARN: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-jobdefinition-containerproperties.html#cfn-batch-jobdefinition-containerproperties-executionrolearn
For JobRoleArn, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-jobdefinition-containerproperties.html#cfn-batch-jobdefinition-containerproperties-jobrolearn
You have to grant credentials for ECR access to the AWS Batch execution IAM role.
Best,
Didier
Hi Didier,
Thank you for your response!! I created a new role and attached in the execution role (below is the JSON for the same)
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr-public:*",
        "sts:GetServiceBearerToken"
      ],
      "Resource": "*"
    }
  ]
}
```
This is what I've attached in the Job Role -
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
```
Now I'm receiving this error - 'CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref public.ecr.aws/o4v0t6s8/swamibatchdemo:latest: failed to do request: Head "https://public.ecr.aws/v2/o4v0t6s8/swamibatchdemo/manifests/latest": dial tcp 75.2.101.78:443: i/o timeout'
I'm not able to understand what and where I'm doing something wrong? Please help and advise!
Appreciate your response
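Added example (not written by either poster and not AWS code): a check of which of the two posted policies covers the private-ECR pull and CloudWatch Logs actions that the first answer says belong on the execution role. It assumes only `Allow` statements and `Action` patterns matter; the variable and function names are made up here.

```python
import json
from fnmatch import fnmatchcase

# Actions for pulling a private-ECR image and writing container logs
# (the same six the poster listed; also the set in AmazonECSTaskExecutionRolePolicy).
PULL_AND_LOG_ACTIONS = [
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
    "logs:CreateLogStream", "logs:PutLogEvents",
]

# The two policies from the post, compacted. Variable names are made up here.
EXECUTION_ROLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ecr-public:*", "sts:GetServiceBearerToken"],
   "Resource": "*"}]}""")
JOB_ROLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ecr:GetAuthorizationToken",
   "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
   "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents"],
   "Resource": "*"}]}""")


def allowed_patterns(policy):
    """Action patterns from Allow statements. Assumption: Deny, NotAction,
    Resource and Condition are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM accepts a single statement object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns += [actions] if isinstance(actions, str) else list(actions)
    return [p.lower() for p in patterns]  # action names are case-insensitive


def missing_actions(policy, required=PULL_AND_LOG_ACTIONS):
    """Required actions that no Allow pattern (with * and ? wildcards) covers."""
    patterns = allowed_patterns(policy)
    return [a for a in required
            if not any(fnmatchcase(a.lower(), p) for p in patterns)]


if __name__ == "__main__":
    for name, policy in [("execution role", EXECUTION_ROLE_POLICY),
                         ("job role", JOB_ROLE_POLICY)]:
        print(f"{name}: missing {missing_actions(policy) or 'nothing'}")
```

The `dial tcp ... i/o timeout` in the quoted error is a TCP connection failure to `public.ecr.aws`, which IAM policy does not influence, so network reachability from the job's subnet is a separate check from this one.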